validateRequestedScopes -> hasScopes

Girish Ramakrishnan
2018-06-14 16:32:24 -07:00
parent f7089c52ff
commit dc86b0f319
3 changed files with 27 additions and 15 deletions
+8 -8
@@ -19,7 +19,7 @@ exports = module.exports = {
accessTokenAuth: accessTokenAuth,
validateScope: validateScope,
validateRequestedScopes: validateRequestedScopes,
hasScopes: hasScopes,
intersectScope: intersectScope,
canonicalScope: canonicalScope
};
@@ -170,10 +170,10 @@ function validateScope(scope) {
return null;
}
// tests if all requestedScopes are attached to the request
function validateRequestedScopes(authInfo, requestedScopes) {
// tests if all requiredScopes are attached to the request
function hasScopes(authInfo, requiredScopes) {
assert.strictEqual(typeof authInfo, 'object');
assert(Array.isArray(requestedScopes));
assert(Array.isArray(requiredScopes), 'Expecting array');
if (!authInfo || !authInfo.scope) return new Error('No scope found');
@@ -181,10 +181,10 @@ function validateRequestedScopes(authInfo, requestedScopes) {
if (scopes.indexOf(exports.SCOPE_ANY) !== -1) return null;
for (var i = 0; i < requestedScopes.length; ++i) {
if (scopes.indexOf(requestedScopes[i]) === -1) {
debug('scope: missing scope "%s".', requestedScopes[i]);
return new Error('Missing required scope "' + requestedScopes[i] + '"');
for (var i = 0; i < requiredScopes.length; ++i) {
if (scopes.indexOf(requiredScopes[i]) === -1) {
debug('scope: missing scope "%s".', requiredScopes[i]);
return new Error('Missing required scope "' + requiredScopes[i] + '"');
}
}
+7 -7
@@ -19,16 +19,16 @@ var accesscontrol = require('../accesscontrol.js'),
// See server.js:
// var profileScope = routes.oauth2.scope('profile');
//
function scope(requestedScope) {
assert.strictEqual(typeof requestedScope, 'string');
function scope(requiredScope) {
assert.strictEqual(typeof requiredScope, 'string');
var requestedScopes = requestedScope.split(',');
var requiredScopes = requiredScope.split(',');
return [
passport.authenticate(['bearer'], { session: false }),
function (req, res, next) {
var error = accesscontrol.validateRequestedScopes(req.authInfo || null, requestedScopes);
var error = accesscontrol.hasScopes(req.authInfo || null, requiredScopes);
if (error) return next(new HttpError(403, error.message));
next();
@@ -36,8 +36,8 @@ function scope(requestedScope) {
];
}
function websocketAuth(requestedScopes, req, res, next) {
assert(Array.isArray(requestedScopes));
function websocketAuth(requiredScopes, req, res, next) {
assert(Array.isArray(requiredScopes));
if (typeof req.query.access_token !== 'string') return next(new HttpError(401, 'Unauthorized'));
@@ -48,7 +48,7 @@ function websocketAuth(requestedScopes, req, res, next) {
req.user = user;
req.authInfo = info;
var e = accesscontrol.validateRequestedScopes(req.authInfo, requestedScopes);
var e = accesscontrol.hasScopes(req.authInfo, requiredScopes);
if (e) return next(new HttpError(401, e.message));
next();
+12
@@ -44,6 +44,18 @@ describe('access control', function () {
it('everything is different', function () {
expect(accesscontrol.intersectScope('cloudron,domains', 'clients,apps')).to.be('');
});
});
describe('hasScopes', function () {
it('succeeds if it contains the scope', function () {
expect(accesscontrol.hasScopes({ scope: 'apps' }, [ 'apps' ])).to.be(null);
expect(accesscontrol.hasScopes({ scope: 'apps,mail' }, [ 'mail' ])).to.be(null);
expect(accesscontrol.hasScopes({ scope: 'clients,*,apps,mail' }, [ 'mail' ])).to.be(null);
});
it('fails if it does not contain the scope', function () {
expect(accesscontrol.hasScopes({ scope: 'apps' }, [ 'mail' ])).to.be.an(Error);
expect(accesscontrol.hasScopes({ scope: 'apps,mail' }, [ 'clients' ])).to.be.an(Error);
});
});
});
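Review bot: The new hasScopes tests only ever pass a single required scope, so the loop over requiredScopes in accesscontrol.js (one missing entry among several must fail) and the `No scope found` branch for an authInfo without a scope string remain unexercised. Adding `expect(accesscontrol.hasScopes({ scope: 'apps' }, [ 'apps', 'mail' ])).to.be.an(Error);` and `expect(accesscontrol.hasScopes({}, [ 'mail' ])).to.be.an(Error);` would pin both; `{}` passes the `typeof authInfo === 'object'` assertion and falls into the missing-scope error. A wildcard-only case such as `expect(accesscontrol.hasScopes({ scope: '*' }, [ 'mail' ])).to.be(null);` would also document the SCOPE_ANY short-circuit, assuming SCOPE_ANY is `'*'` as the existing `'clients,*,apps,mail'` case suggests. Because that wildcard grants every scope, pinning it explicitly makes any later change to SCOPE_ANY handling visible in the test run.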